security levels, V.4

Ran Atkinson randall at Virginia.EDU
Tue Dec 4 02:13:44 AEST 1990


In article <1990Nov30.145545.29792 at murdoch.acc.Virginia.EDU>,
   Ran Atkinson <randall at Virginia.EDU> writes:

>>If folks dislike C2, they will be much more unhappy with B2.  I on the other
>>hand prefer at least a B1 system because it is much safer from breakins

In article <873 at visenix.UUCP> beattie at visenix.UUCP (Brian Beattie) writes:
>B1 is no more resistant to breakins than C2.
>In fact the C2 requirements for I&A (login and password)
>are the same as for B2.
>A properly administered C1 system is
>as safe from _breakin_ as a B2 system.
>The extra requirements for B1 and B2 are for
>labeling of data and are required to prevent
>users with accounts from accessing data improperly
>not for preventing unauthorized access to the machine.
>It is a common misconception that the higher the rating
>the more secure the system is from breakin; this is
>generally not the case.

I consider ANY unauthorised access to data on a system to be a break-in.
Most breakins are from folks who have access to a system, not from outsiders.
My original statement is entirely correct.  I avoided using the technical
terminology of the trusted systems world deliberately since the audience
here is primarily not folks in that community.

  Ran
  randall at Virginia.EDU



More information about the Comp.unix.sysv386 mailing list